packet: Do not segfault if we don't have packet_second_block

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2026-02-09 09:54:25 +09:00 · 2018-09-26 11:28:53 +02:00
parent a190ff9302
commit 8a3ea3bdd5
1 changed files with 32 additions and 22 deletions
--- a/src/packet.c
+++ b/src/packet.c
@@ -1065,32 +1065,42 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
            if (cleartext_packet == NULL) {
                goto error;
            }
-            if (session->current_crypto) {
+
-                /*
+            if (packet_second_block != NULL) {
-                 * Decrypt the rest of the packet (lenfield_blocksize bytes already
+                if (session->current_crypto != NULL) {
-                 * have been decrypted)
+                    /*
-                 */
+                     * Decrypt the rest of the packet (lenfield_blocksize bytes
-                if (packet_remaining > 0) {
+                     * already have been decrypted)
-                    rc = ssh_packet_decrypt(session,
+                     */
-                                            cleartext_packet,
+                    if (packet_remaining > 0) {
-                                            (uint8_t *)data,
+                        rc = ssh_packet_decrypt(session,
-                                            lenfield_blocksize,
+                                                cleartext_packet,
-                                            processed - lenfield_blocksize);
+                                                (uint8_t *)data,
                                                lenfield_blocksize,
                                                processed - lenfield_blocksize);
                        if (rc < 0) {
                            ssh_set_error(session,
                                          SSH_FATAL,
                                          "Decryption error");
                            goto error;
                        }
                    }
                    mac = packet_second_block + packet_remaining;
                    rc = ssh_packet_hmac_verify(session,
                                                session->in_buffer,
                                                mac,
                                                session->current_crypto->in_hmac);
                    if (rc < 0) {
-                        ssh_set_error(session, SSH_FATAL, "Decryption error");
+                        ssh_set_error(session, SSH_FATAL, "HMAC error");
                        goto error;
                    }
                    processed += current_macsize;
                } else {
                    memcpy(cleartext_packet,
                           packet_second_block,
                           packet_remaining);
                }
                mac = packet_second_block + packet_remaining;
                rc = ssh_packet_hmac_verify(session, session->in_buffer, mac, session->current_crypto->in_hmac);
                if (rc < 0) {
                    ssh_set_error(session, SSH_FATAL, "HMAC error");
                    goto error;
                }
                processed += current_macsize;
            } else {
                memcpy(cleartext_packet, packet_second_block, packet_remaining);
            }
            /* skip the size field which has been processed before */